cve-2018-1000200
Vulnerability from cvelistv5
Published
2018-06-05 13:00
Modified
2024-08-05 12:40
Severity ?
Summary
The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked).
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:40:46.712Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3752-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3752-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a"
          },
          {
            "name": "USN-3752-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3752-3/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2018-1000200"
          },
          {
            "name": "[linux-kernel] 20180424 [patch v3 for-4.17] mm, oom: fix concurrent munlock and oom reaper unmap",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://marc.info/?l=linux-kernel\u0026m=152460926619256"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "name": "104397",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104397"
          },
          {
            "name": "[linux-kernel] 20180417 [patch] mm, oom: fix concurrent munlock and oom reaper unmap",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://marc.info/?l=linux-kernel\u0026m=152400522806945"
          },
          {
            "name": "USN-3752-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3752-1/"
          },
          {
            "name": "[oss-security] 20180424 CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2018/q2/67"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-04-17T00:00:00",
      "datePublic": "2018-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process\u0027s final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper\u0027s unmap_page_range() since the vma\u0027s VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3752-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3752-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a"
        },
        {
          "name": "USN-3752-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3752-3/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2018-1000200"
        },
        {
          "name": "[linux-kernel] 20180424 [patch v3 for-4.17] mm, oom: fix concurrent munlock and oom reaper unmap",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://marc.info/?l=linux-kernel\u0026m=152460926619256"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "name": "104397",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104397"
        },
        {
          "name": "[linux-kernel] 20180417 [patch] mm, oom: fix concurrent munlock and oom reaper unmap",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://marc.info/?l=linux-kernel\u0026m=152400522806945"
        },
        {
          "name": "USN-3752-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3752-1/"
        },
        {
          "name": "[oss-security] 20180424 CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2018/q2/67"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-04-17T12:00:00",
          "DATE_REQUESTED": "2018-04-17T14:00:00",
          "ID": "CVE-2018-1000200",
          "REQUESTER": "rientjes@google.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process\u0027s final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper\u0027s unmap_page_range() since the vma\u0027s VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3752-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3752-2/"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a"
            },
            {
              "name": "USN-3752-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3752-3/"
            },
            {
              "name": "https://access.redhat.com/security/cve/cve-2018-1000200",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/security/cve/cve-2018-1000200"
            },
            {
              "name": "[linux-kernel] 20180424 [patch v3 for-4.17] mm, oom: fix concurrent munlock and oom reaper unmap",
              "refsource": "MLIST",
              "url": "https://marc.info/?l=linux-kernel\u0026m=152460926619256"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "104397",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104397"
            },
            {
              "name": "[linux-kernel] 20180417 [patch] mm, oom: fix concurrent munlock and oom reaper unmap",
              "refsource": "MLIST",
              "url": "https://marc.info/?l=linux-kernel\u0026m=152400522806945"
            },
            {
              "name": "USN-3752-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3752-1/"
            },
            {
              "name": "[oss-security] 20180424 CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2018/q2/67"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000200",
    "datePublished": "2018-06-05T13:00:00",
    "dateReserved": "2018-04-17T00:00:00",
    "dateUpdated": "2024-08-05T12:40:46.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-1000200\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-06-05T13:29:00.297\",\"lastModified\":\"2018-10-31T10:30:41.480\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process\u0027s final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper\u0027s unmap_page_range() since the vma\u0027s VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked).\"},{\"lang\":\"es\",\"value\":\"Las versiones 4.14, 4.15 y 4.16 del kernel de Linux tienen una desreferencia de puntero NULL que puede resultar en agotamiento de memoria (OOM), cerrando grandes procesos bloqueados. El problema surge del hilo final de un proceso finalizado por un OOM que llama a exit_mmap(), el cual llama a munlock_vma_pages_all() para mlocked vmas. Esto puede ocurrir en sincron\u00eda con el rango unmap_page_range() del oom reaper ya que el bit VM_LOCKED del vma se borra antes del munlocking (para determinar si otros vmas comparten la memoria y son bloqueados).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":4.9},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D31DCD50-805F-4CC6-9A98-2AC8BC224DF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"380E55F5-238D-4FBB-8DB1-DB10EFC37CD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A63F7D1D-EB47-48AE-B89E-E84A63579FA6\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/oss-sec/2018/q2/67\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104397\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2948\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/security/cve/cve-2018-1000200\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://marc.info/?l=linux-kernel\u0026m=152400522806945\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://marc.info/?l=linux-kernel\u0026m=152460926619256\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3752-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/3752-2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/3752-3/\",\"source\":\"cve@mitre.org\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.